Uploaded image for project: '[Read Only] - Hippo Repository'
  1. [Read Only] - Hippo Repository
  2. REPO-1498

Make query results more resilient to not break on unauthorized results but skip them

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • High
    • Resolution: Fixed
    • None
    • jackrabbit-patches-h12
    • None
    • None
    • Platform Sprint 132

    Description

      When iterating through the nodes in a query result via

      javax.jcr.query.QueryResult queryResult = ...;
for (Node node : new NodeIterable(queryResult.getNodes())) {
        System.out.println(node.getPath());
}

      It will always work since in case a node in the search result is unauthorized (should normally not happen), it still gets skipped by org.apache.jackrabbit.core.query.lucene.NodeIteratorImpl (and only a warning is logged). Since search results are non-transactional, this (an unauthorized node during iteration being skipped) can always happen even without the authorization query.

      If however, instead of queryResult.getNodes(), you use 

      javax.jcr.query.QueryResult queryResult = ...;
 while (rows.hasNext()) {
         final Row row = rows.nextRow();
         final Value[] values = row.getValues();
}

      the code above throws a repository exception on 'row.getValues()' if the backing jcr node cannot be read (unauthorized).
      We should in jackrabbit RowIteratorImpl first fetch the node and log a warning if it is not allowed to be read.

      Attachments

        Issue Links

          includes

          Task - A task that needs to be done. CMS-10191 Deploy new JR 2.10 -h12 jackrabbit dependencies and update project pom

          • Normal - Normal priority, tasks to be done before next intermediate release
          • Closed
          is cloned by

          Bug - A problem which impairs or prevents the functions of the product. REPO-1512 [Backport 7.9] Make query results more resilient to not break on unauthorized results but skip them

          • High - High priority, expected behaviour required often required for other tasks
          • Closed
          relates to

          Bug - A problem which impairs or prevents the functions of the product. REPO-1497 Parent and/or child axis queries can break under certain conditions

          • Normal - Normal priority, tasks to be done before next intermediate release
          • Closed

          Activity

            People

              Unassigned Unassigned
              aschrijvers Ard Schrijvers
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: